top of page

Privacy Notice

 

This Privacy Notice explains how I collect, use, store, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

I am the Data Controller for the personal data you provide and am registered with the Information Commissioner's Office (ICO).

ICO Registration Number: ZC101272

1. Information I Collect

As part of providing counselling services, I may collect and process the following information:

  • Personal details, including your name, address, telephone number, email address, and date of birth

  • Contact details for your GP and an emergency contact

  • Information relating to your mental health, wellbeing, and personal history

  • Relevant medical information

  • Information you choose to share about your experiences, relationships, identity, or background

  • Brief clinical notes relating to our sessions

  • Appointment and payment records

Some of this information constitutes special category data under UK GDPR, including information relating to your health and wellbeing. This information is collected only where necessary for the provision of counselling services.

Therapy notes are kept minimal, factual, and relevant to the therapeutic work.

2. How Your Information Is Collected and Stored

I use a secure, encrypted, password-protected practice management system called Kiku to manage and store client information.

Kiku acts as a Data Processor, meaning it processes personal data only on my behalf and in accordance with applicable data protection legislation.

At the point of booking an initial consultation, you will be asked to provide basic contact details. During the assessment process, I may also request GP and emergency contact details as part of my professional duty of care.

All personal information is stored securely and is accessible only to me unless disclosure is required under the circumstances outlined in this notice.

Where personal data is stored or processed outside the UK, appropriate safeguards are in place in accordance with UK GDPR requirements.

3. Lawful Basis for Processing

Under UK GDPR, I process your personal data under the following lawful bases:

Article 6(1)(b) – Contractual Necessity
Processing is necessary to provide the counselling services we have agreed.

Article 6(1)(f) – Legitimate Interests
Processing is necessary for the safe, effective, and professional administration of my practice.

As counselling involves health-related information, I also rely on:

Article 9(2)(h) – Provision of Health or Social Care
Processing is necessary for the provision and management of counselling services.

4. Confidentiality and Clinical Supervision

Everything discussed in therapy is treated as confidential.

As part of ethical practice, I undertake regular clinical supervision. When discussing client work:

  • Identifying information is removed wherever possible

  • Information is anonymised to protect client privacy

Supervisors are bound by professional confidentiality and data protection obligations.

5. Circumstances Where Information May Be Shared

Your personal information will not be shared with third parties except where:

  • You have provided your explicit consent

  • There is a risk of serious harm to yourself or another person

  • There are safeguarding concerns involving a child or vulnerable adult

  • Disclosure is required by law, court order, or other legal obligation

Where appropriate and safe to do so, any disclosure will be discussed with you beforehand.

If I need to contact your GP or another healthcare professional, your consent will normally be sought unless there is a safeguarding or legal reason preventing this.

6. Professional Executor

As part of good professional practice, I have appointed a professional executor.

In the event of my death, serious illness, or incapacity, limited client information may be accessed solely for the purpose of informing clients, arranging appropriate closure of services, and where appropriate facilitating onward referral.

7. Retention of Records

Your personal information will be retained for the duration of therapy.

Following the end of therapy:

  • Identifiable contact information will be deleted where no longer required

  • A minimal client record will be retained for seven years following the end of therapy

This retention period reflects professional, legal, and insurance requirements.

Where therapy ends before a client reaches the age of 18, records may be retained for a longer period in accordance with safeguarding and limitation requirements.

At the end of the retention period, records will be securely destroyed.

8. Security Measures

I take appropriate technical and organisational measures to protect your information, including:

  • Encrypted and password-protected systems

  • Secure electronic storage

  • Restricted access to client information

  • Up-to-date security measures on devices used for practice administration

9. Your Rights

Under UK GDPR, you have the right to:

  • Request access to your personal data

  • Request correction of inaccurate or incomplete information

  • Request restriction of processing in certain circumstances

  • Object to processing where applicable

  • Request erasure of personal data where legally applicable

  • Lodge a complaint regarding the handling of your personal information

Please note that some rights may be limited where records must be retained for legal, safeguarding, insurance, or professional obligations.

Requests relating to your personal information will usually be responded to within one month.

10. Data Protection Complaints Procedure

If you have concerns about how your personal information has been collected, stored, used, or shared, you are encouraged to raise these concerns with me in the first instance.

I will:

  • Acknowledge your complaint within 30 days

  • Investigate the matter appropriately and without undue delay

  • Keep you informed where necessary

  • Provide you with the outcome of the investigation

If you remain dissatisfied following my response, you have the right to complain to the Information Commissioner's Office (ICO).

11. Data Breaches

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, I will comply with my legal obligations, including notifying the ICO and affected individuals where required.

12. How Your Information Is Used

Your personal data is used solely for the provision and administration of counselling services, including:

  • Arranging and managing appointments

  • Communicating with you regarding therapy

  • Maintaining clinical records

  • Processing payments

  • Meeting legal, ethical, and professional obligations

Your information is never sold and is not used for marketing, advertising, or research purposes.

Contact Details

Joanna King Therapy

Email: joannakingis@outlook.com

Telephone: +44 7735 600800

If you have any questions about this Privacy Notice or how your information is handled, please contact me in the first instance.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

bottom of page